Telegram channel r_selfhosted - r/SelfHosted

r/SelfHosted

Where to install fail2ban?

Hi all!

I'll go straight to the point.

Assuming you are self-hosting a public-facing web application in a Docker container on host-A, and put that application behind a reverse proxy using Caddy, which runs on host-B.

If you want to add fail2ban to add another layer of security to the public facing server, would you install it on host-A or host-B?

I know this question might sound silly to some, but my brain is fried right now so I can't think.

Love you people!

https://redd.it/1471tjp
@r_SelfHosted


r/SelfHosted

Looking for a maintenance scheduler

As a homeowner and tinkerer, there are a ton of tasks that should be done at regular time intervals. The schedule on which a task should be done can vary from a strict one (e.g. every 3 months) to a more lenient time period (e.g. each year between January and May).

I'd also like to keep track of the history of maintenance, as well as receive notification before the task is due.

I wanted to make something like this myself, but I thought I'd ask first if an existing solution is available.

https://redd.it/kr1oel

r/SelfHosted

qbittorrent on docker with ZeroTier on a CGNAT?

My ISP is using CGNAT and I am using ZeroTier to tunnel through and access all my self-hosted instances. I recently installed qbittorrent, uploaded a `.torrent` file to qbittorrent and clicked on the start button, but it didn't work. I checked the website (private tracker) from where I downloaded the torrent file and it showed that the port 6881 is blacklisted. Is there something I am doing wrong? I tried changing the port to something else but it didn't work.

My docker-compose.yml is the one from linuxserver.io

```yaml
version: "2.1"
services:
  qbittorrent:
    image: ghcr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/MyCountry
      - UMASK_SET=022
      - WEBUI_PORT=8090
    volumes:
      - path-to-config:/config
      - </path/to/downloads>:/downloads
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 8090:8090
    restart: always
```

I have another container using the environment variable `UMASK_SET=022`. I don't know if this is relevant or not but I decided to add it anyways.

https://redd.it/kqzfjy

r/SelfHosted

Project Lightspeed: a selfhosted option for subsecond live streaming
https://github.com/GRVYDEV/Project-Lightspeed

https://redd.it/kqxcgy

r/SelfHosted

Create selfhosted proxy site to bypass Squid Proxy server on network

In my workplace, the internet must be connected through a Squid Proxy server. I can access some sites with filterbypass.me.
I would like to make a webserver on my own VPS to connect to restricted sites like filterbypass.me.
How can I do that? Thank you very much.

https://redd.it/kqvtid

r/SelfHosted

Help point me in the right direction

Hey guys,

I was hoping someone could help point me in the right direction in terms of configuration and what is needed to do what I want with my server.

If the public visits mydomain.com I want them to go to a static page. However, if someone is on the network/logged in via VPN, I want them to go to my Organizr page (which is secured by Authelia) and even give them access to all the webapps that I'm hosting -- not just Organizr.

I saw that Authelia has the "Networks" section in the config files. Can I do what I want through Authelia?

My setup/resources are as follows:

"Internet" comes in and connects to my "Ubiquiti Dream Machine with VPN server" [x.x.1.1]. Which I then route to my "Raspberry Pi" running AdGuard-Home as a DNS Server [x.x.1.3]. I also have an Unraid server [x.x.1.10] which is running the webapps (i.e. nginx, authelia, organizr).

Any help would be appreciated. Thanks

https://redd.it/kq7aba

r/SelfHosted

Self hosted solution for Music similar like sonarr/radarr.

Is there any service like sonarr/radarr for music that will connect with jackett and grab albums and songs of filtered artists from private trackers (RED, OPS)?
Currently I'm doing this manually and it's not too much hassle, but it would be great to automate all this stuff and manage the library automatically, so that if I sometimes miss an album or song I don't have to worry about it.

Thank You!

https://redd.it/kqeyxb

r/SelfHosted

Can someone please explain authelia and keycloak to me?

I'm now in the stages of building a server and planning what to run on it, and this subreddit has been a goldmine. I know that I want to have some of the services accessible from the outside and that I also want them to be protected in a way, and I have seen mentions of Authelia+traefik.

From what I understand, Authelia just "translates" either a passwd file or an LDAP server into SSO and 2FA.

I'm not at all sure what keycloak does and what the differences are; I'd be grateful if someone could explain.

Also, if you could provide me with pros and cons for LDAP backends such as OpenLDAP or FreeIPA, that would be appreciated.

https://redd.it/kqasfi

r/SelfHosted

How specialized are your services?

Something I've often wondered about in other people's setups is how specialized the services they host are. I mean in the sense that we could all spin up a version of nextcloud to host everything, or each piece of media could be split into different services, like [photoprism](https://photoprism.app/) for photos, [gollum](https://github.com/gollum/gollum) for notes and wikis, calibre / [calibre-web](https://github.com/janeczku/calibre-web) for books, etc.

Does anyone have a strong argument for why they choose to do it one way over the other? Right now I run somewhat broken services (jellyfin, gollum, various *arrs, calibre, etc), because the only person I'm serving is myself and the way I was introduced to many of these ideas was through individual projects. That, and the unix "do one thing well instead of many things not so well" philosophy.


This kind of question pops up mostly when I'm considering moving away from something like gollum for nextcloud, or when I think about whether I want to do a full airsonic install or just go for something integrated in jellyfin.

https://redd.it/kqje8p

r/SelfHosted

Looking for a YouTube player with adblocker

So basically I'm searching for a selfhosted web interface that plays YouTube videos while filtering out the ads like Sponsorblock. I'm thinking of it as an alternative to YouTube Vanced on iPhone.

https://redd.it/kqmibk

r/SelfHosted

CUP - Cloudflare Updater | Turn Cloudflare into a free, robust Dynamic DNS service.
https://github.com/viertaxa/cup

https://redd.it/kqhiym

r/SelfHosted

Trying to figure out how to unify logins across multiple self hosted apps.

I've got a rack going with a number of self hosted apps. The vast majority are only set up for myself and have been locked down. However, I have several that are available via subdomains to my friends and families. I'm currently maintaining a locked offline file with each person's login/pass combo and manually editing each app as it comes up, which is cumbersome at best.

What would be the best way to enable a single database of usernames/passwords to enable login? For example, each person would have the same login/pass combination to nextcloud, wordpress, rocketchat, and a couple other apps. In addition, if there is a password loss or exposure, I can change it in one location to invalidate the old one across all the relevant containers/apps.

Thanks in advance. I'm an old hand at hardware, relatively new to the software side of things and loving the learning process.

https://redd.it/kqhw1j

r/SelfHosted

How to harden/protect self-hosted ecosystem from disaster?

Over the years I have built up a machine that hosts a lot of applications used in my family's daily life. Self-hosting had morphed from a fun hobby to something people actually depend on and would be inconvenienced if the system were to fail. This has led me to trying to implement some best practices for system hardening and disaster recovery. However, I don't know a ton about these topics so I am looking for some resources or ideas that can help protect the system. My goal is a system where I have a complete run book if the hardware melts down and I need to rebuild from scratch.

Here is what I am currently doing:

Host:

- Ubuntu Server - kept up to date
- ETC is backed up daily to a private GitHub repo using ETCKeeper

Apps:

- All apps run as Docker containers
- Each app stack has a dedicated docker-compose.yml on my NAS (mounted in the host)

Data:

- All containers use host volume mounts for data/config
- All data/config directories are backed up to the NAS weekly
- Backup cronjobs are monitored by Healthchecks
- NAS is live synced to an off-site cloud provider

File Security:

- Each app has its own service account and group.
- Each service account has a long, randomly generated password stored in a password manager.
- Only this account and group has permissions to the app's data/config directories.
- Sometimes another app needs access to the data directories, so access is granted by adding that app's service account to the group.

Network:

- Router is configured to forward :443 to my NGINX/Let's Encrypt stack (SWAG). SWAG also includes fail2ban and MaxMind. No other ports (including :80) are forwarded.
- Router runs custom firmware (updated) with non-default passwords.
- Some apps are externally available via a domain. Dynamic IP is handled by DDClient.
- Apps are secured with either Authelia or oAuth depending on the type of access needed - for example, some family members only need a couple apps and those apps support Google auth, so I have them use that rather than maintaining another set of credentials in Authelia.
- Each app is on its own network within Docker.
- Apps that need to be available externally are on an internal bridge network with SWAG.
- SWAG proxies using the internal network.

Things I probably should do:

Identify the best method for pulling sensitive data out of docker-compose files. Some people recommend .env files but those seem inherently insecure as well. Secrets appear to be a Swarm thing. Other options?

Migrate everything to non-standard ports. Also, how can I expose the containers port to the internal network but not be available at host:port?

Document the system. I'm not sure the best way to maintain secure documentation on this. Is having an internal Wiki secure enough? Also applies to things like API keys - where can I safely store these? It seems like centralizing this information is a terrible idea but not sure how else to keep it all straight.

Backup users/groups/directory permissions - is this possible? All of the docker-compose files include PUID and GUID that would be painful to recreate.



Any additional thoughts or ideas would be greatly appreciated. Thanks!

https://redd.it/kqf50r

r/SelfHosted

Are there any private/self-hosted reddit archivers?

I'd like to aggressively save comments from a subreddit that is well known for users being able to report comments en-masse and have them automatically removed. This is usually because someone either calls out group-think or because they leak information of some kind.

Pushshift doesn't do a great job of saving these comments unfortunately, oftentimes taking ~1 hour to get to the comments, but many comments are removed within 15 minutes of posting.

Is there some kind of a self-hosted/PRAW bot that aggressively archives comments from a low-activity subreddit comment stream? I imagine it could be a script that's called every minute or two.

Thanks in advance!

https://redd.it/kqbu7p

r/SelfHosted

What can you host on an older Android device?

So I realised I have some old Android devices lying around in fairly good running condition. I was wondering if there's anything I can host on it, considering the lesser processing power and in my case, not much storage too.
First thought was a Media server but I have Plex running fine on a proper server and no reason to switch that. What else could I run on this that would be helpful?

https://redd.it/kqa2zo

r/SelfHosted

Automatic macOS backups with Kopia and Backblaze

I've had a great experience using Kopia and Backblaze to back up my Mac. I don't use the Kopia UI, which makes automating the backups a little tricky, so I wrote up some notes to future me on how to set it all up, and figured I'd publish them in case they're useful for anyone else.

https://hmarr.com/blog/mac-backups-with-kopia/

https://redd.it/146wvsa

r/SelfHosted

Selfhosted rabb.it/tutturu.tv VM

Is there something like an easy to setup Image/Program that automatically sets up a webserver on the machine where you can control a VM together so you can browse, and do stuff together using something like WebRTC?

I am thinking about something similar to Services like rabb.it (†) or tutturu.tv.

I like the service but I hate that anybody could watch what I am doing on their VMs anytime, and that I can't use my own services, log in and stuff.

https://redd.it/kr11ux

r/SelfHosted

Backup tool - to backup from remote servers via ssh?

Hi everyone.
Looking for a selfhosted tool I could plop on my home server as a docker container - that would have a GUI and that I can configure to pull remote directories via ssh/rsync from N+ remote servers on like a daily schedule onto my 20Tb home NAS.

Ideally a GUI is preferred and I would prefer to specify the number of backups I want to keep.

P.S. I've looked at duplicati - but I think it works in the other direction - backing up from local to remote locations.

https://redd.it/kqyvtt

r/SelfHosted

The Most Popular Databases - 2006/2020 - Statistics and Data
https://www.statisticsanddata.org/the-most-popular-databases-2006-2020/

https://redd.it/kq90w3

r/SelfHosted

Does Collabora require Nextcloud?

I have installed Collabora and have the service running behind a reverse proxy, but I have not been able to access any of the pages (errors 400 or 404). Every tutorial I can find uses Nextcloud, but none explicitly say it is required.

https://redd.it/kq6u86

r/SelfHosted

UPS with Auto Shutdown Linux/Windows

It's been a bit since I've owned a UPS and I'm looking for something with software that can be scripted to shut down when power fails.

I'm only looking for something with minimal load support that can shut down a Lenovo ThinkServer and Windows workstation with zero user warning.

Thank you!

https://redd.it/kq8lra

r/SelfHosted

Opinions on VPS tradeoffs

Hi all, I'm looking at upgrading my VPS hosting to get a little more storage space. I currently have a plan with Ramnode with 2 shared 3.5ghz cores, 6gb RAM, and only about 100gb of storage (~20USD/month). I use it for self hosting gitbucket, mattermost, a few test websites, random programming projects, etc., as well as learning devops/sysadmin type skills. I generally don't run the cores too hard, but ramnode isn't super specific about what constitutes un-acceptable use of shared cores. I do occasionally compile large programs from scratch (vim took a while), but I've never had any complaints/notices about core usage.

I'm looking to get something new with block storage in the 2TB-4TB range. I'll keep doing the projects I have on the go, but I'd like to add some light torrenting/streaming plus (personal) file hosting. It looks like I can get kind of what I want for around 35USD, looking at something like https://my.letbox.com/cart.php?a=confproduct&i=1 configured with 4 30% CPUs, 8GB RAM and 4TB extra block storage. However, I also see some dedicated options on https://billing.dacentec.com/hostbill/index.php?/cart/dedicated-servers/ that look promising, there are a couple of 35USD options with dual 5420 CPUs (2.5ghz), 16GB and at least 4TB storage. I really like the idea of having a dedicated machine, especially with rent-to-own, but I don't know how much I'll miss having the extra CPU speed (the Ryzen 3900X machines seem particularly inviting), although there's obviously a trade-off for way more dedicated cores. I know a lot of VPS end up being on lower end, older CPUs like that anyways, but I'm curious if anyone knows the likelihood that I'll actually get complaints/limiting on something like the letbox VPS? They seem to have a pretty hard 30% limit on the Ryzen machines. The other downside to dacentec is unfortunately their data center is on the opposite side of the country from me... (North Carolina as opposed to LA, and I'm on the west coast).

Any advice or suggestions on hosting to look at would be appreciated!

https://redd.it/kqr8g6

r/SelfHosted

Chaskiq: Full featured open source platform for live chat for support, marketing and sales.

Hello everyone, after 1 year of hard work since the launch of our OSS, I think I have built one of the most complete open source alternatives for conversational platforms like Intercom, Drift and others. This may sound pretentious, but let's see what the characteristics of Chaskiq are; you can judge later.

https://github.com/chaskiq/chaskiq

What features Chaskiq has:

For visitors

- Embeddable Live Chat supporting video calls and custom apps
- Video calls supported
- Integration with third party API for conversations
- Custom blocks to compose new workflows, that could communicate with API based services
- Programmable and embeddable Onboarding tours
- Programmable and Embeddable banners
- Customer Segment Filters with custom attributes support
- Pre programmed conversation behaviors with bot routing tasks

For Agents

- Agent's conversation routing
- Text chat with customizable content blocks support, plugins supported
- Compose Triggerable conversational bots
- Mailing campaigns with statistics on sends, deliveries, clicks & bounces
- API integrations - Whatsapp / Twitter DM / Slack / Calendly / Zoom and many more!
- CRM integration - Pipedrive supported
- Dashboard plugins supported
- Webhooks that notify certain events on conversations and visitor conversion
- Help Center system with multilanguage support
- API support - consumable via GraphQL with OAuth authorization
- External APP creation for use in agent conversations, contacts sidebar, routing bots and conversations (this feature is especially amazing: [https://api-docs.chaskiq.io/](https://api-docs.chaskiq.io/) )
- Quick replies (as canned responses)

Take a look at our repository at https://github.com/chaskiq/chaskiq and try it out!

Right now we have production builds on Docker and one click installation for Heroku and Caprover.

Best Regards from Chile!

https://redd.it/kqq4qo

r/SelfHosted

What is everyone's experience in hosting your own DNS server? I'm not talking about a pihole, but rather your own DNS server so that your DNS queries are not exiting your network. Have you implemented DoH, or any other modern secure DNS practices? What is your uptime? Any failover solutions?

Edit: For some reason only two of the options in the polls are showing on my screen. If any mods could help, the other two poll options were:
3) I use a secure third-party DNS server such as 1.1.1.1
4) I use my ISP's, Google's, or any default or DHCP-provided DNS server

https://redd.it/kqjuag

r/SelfHosted

Reverse proxy multiple ports to the same subdomain

I need some help figuring out how to/if it is even possible to have a reverse proxy do this.

Here is the use case for what I am trying to solve, which might be better to explain first rather than trying to ask specific questions:

- VM running a service that needs multiple ports, say 500 and 550. It has a static IP for the internal network, let's say 192.168.1.100
- VM running nginx proxy manager with the router forwarding external ports 80 and 443 to it.
- Modem has a dynamic external IP so I have exampledomain.com DNS pointed to dynu.com which handles the dynamic DNS and forwards all the domain traffic to my modem.

I would like to set up a subdomain to point to the service like service1@exampledomain.com
This is where I am stuck. If the service only needs one port then I can set up the reverse proxy record and everything works as it should. But some services, as I gave an example for, need multiple ports to work and I do not know how or if it's possible to have the reverse proxy handle this. Before I set up nginx I had the router port forwarding settings just point all the needed ports to the internal IP. If I try to create a reverse proxy record in nginx for the additional ports I get an error that the subdomain has already been used.

I appreciate any help or guidance you can offer.

https://redd.it/kqk8vy

r/SelfHosted

File manager

Any application where I can basically tell my 2tb hdd to be accessible to friends and I can drop files into a folder and they can access but like not on the cloud if that makes sense?

https://redd.it/kqi2ys

r/SelfHosted

h5ai - file upload / management incl. user management

There have been posts already about the project, but I think the solution is not getting enough attention.

The project page can be found at https://larsjung.de/h5ai/

I am using one of the docker images on GitHub and have been using it for quite some time for accessing my pdf files with hypothes.is in firefox.

The docker image I am using now on my public server can be found at https://github.com/IllyaTheHath/Docker-H5ai

https://redd.it/kqfj26

r/SelfHosted

Request - Does anyone know of a mood tracker, mental health focused, self-hosted solution?

I'm looking for something that I could use to track my moods, emotions and overall mental health over a period of time. Bonus if it allows for notes/journaling.

The Daylio app would be exactly what I'd want to replicate. For obvious reasons, it's not something I want to put my data into.

Let me know if you know of anything.

https://redd.it/kqcqyy

r/SelfHosted

Selfhosted documentation wiki for selfhosted services

Hello my fellow selfhosters. Since I started to selfhost services it became an addiction, which means that I have a lot of services running in different virtual machines with different configurations and so on. That means that, in case of some terrific problem, I would have to re-do the installation and configuration of every service, which brings me to the question: do you know/use any good selfhosted documentation wiki where I could create pages for every service and upload documents attached to them (i.e. NGINX default.conf file)?

Thank you in advance, guys!

https://redd.it/kqb05h

r/SelfHosted

Opensourced IFTTT with n8n.io
https://tech.davidfield.co.uk/opensourced-ifttt-with-n8n-io/

https://redd.it/kq8mo8